May 16, 2022

Volume XII, Number 136

Advertisement
Advertisement

May 16, 2022

Subscribe to Latest Legal News and Analysis

Sharing Cyberthreat Information With Competitors

In this inter-connected world, a cyberthreat to your competitor can quickly become a problem for your own company. Wouldn't it be great if you could share information with each other about cyberthreats, so that you would both be better off in the long run?

"You want to do what with our competitor?" is likely the incredulous question that many compliance officers and in-house lawyers alike will pose when hearing about any sort of proposed collaboration with a competitor. And for good reason. Antitrust laws strictly prohibit companies from collaborating with each other if the result might be anti-competitive--such as raising prices or restricting output.

But what if the companies want to share information about the latest computer virus? Does that violate the antitrust laws? In a recent joint announcement, the federal antitrust enforcers emphasized that the answer is typically "no."

In a joint announcement on April 10, the U.S. Department of Justice (DOJ) and the Federal Trade Commission (FTC) attempted to make clear that the antitrust laws should not be "a roadblock to legitimate cybersecurity information sharing."1 The head of the DOJ Antitrust Division called the announcement an "antitrust no-brainer."

The agencies have long had guidelines regarding collaboration between competitors, which emphasize that collaboration is not necessarily anti-competitive.2 These guidelines take into account the business purpose for the sharing, the type of information shared, and the context in which the sharing takes place. Notably, antitrust concerns can arise regardless of whether companies share information directly, or through a common vehicle like a trade association.

Cyberthreat information is typically very technical in nature. For example, sharing the "threat signature" of potential malware, or the source IP address of a cyber attack, does not likely involve information that could be used for anti-competitive means. In fact, to the contrary, sharing this information can increase economic efficiencies by helping secure our nation’s IT infrastructure.

Many companies routinely share cyberthreat information already.3 Before the announcement by the DOJ and FTC, however, some companies were leery about the antitrust ramifications of such overt exchange of technical information with competitors. The joint announcement by DOJ and the FTC attempted to put those fears to rest.

But the agencies were careful not to grant blanket immunity for such conduct. Indeed, the last part of the announcement is this simple footnote: "Of course, if an information sharing arrangement is being used as a cover to fix prices, allocate markets, or otherwise limit competition, antitrust issues could arise." For this reason, companies would be wise to implement strict procedures governing what sort of information their IT professionals can—and cannot—share with peers at other companies.


1 U.S. DEPT. OF JUSTICE & FED. TRADE COMM’N, ANTITRUST POLICY STATEMENT ON SHARING OF
CYBERSECURITY INFORMATION (2014), available at http://www.justice.gov/atr/public/guidelines/305027.pdf.

U.S. DEPT’ OF JUSTICE & FED. TRADE COMM’N, ANTITRUST GUIDELINES FOR COLLABORATIONS
AMONG COMPETITORS (2000), available at http://www.ftc.gov/os/2000/04/ftcdojguidelines.pdf.

Some industries have established “Information Sharing Analysis Centers” (ISACs) to share cybersecurity
information. See http://www.isaccouncil.org.

Copyright © 2022 Godfrey & Kahn S.C.National Law Review, Volume IV, Number 115
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kevin J. O'Connor, Litigation Attorney, Godfrey Kahn Law Firm
Shareholder

Kevin O’Connor is chair of the Antitrust and Trade Regulation Practice Group and has offices in both Madison and Milwaukee. He has more than twenty years of experience in antitrust, trade regulation, and consumer litigation and counseling.

Before joining the firm, he served as the Assistant Attorney General in charge of antitrust enforcement and head of the Office of Consumer Protection and Antitrust in the Wisconsin Department of Justice. During his tenure in government, Kevin chaired the National Association of Attorneys General's (NAAG) Multistate Antitrust Task Force. He led...

608.284.2600
Advertisement
Advertisement
Advertisement